With the rise of Voice over
wireless LAN (VoWLAN), any complete WiFi security solution must address
denial of service attacks, such as kicking off other clients, consuming
excessive bandwidth, or spoofing access points, to the detriment of
legitimate clients. Even an authorized client may be able to sufficiently
disrupt service quality to make the network ineffective for legitimate
clients.

We take a three-point, MAP (Measure, Analyze, Protect)
approach to develop an integrated and extensible framework to
address existing and future attacks on WiFi networks.
Specifically, we focus our efforts on an integrated set of new
components that allow a WiFi network operator to measure and
analyze WiFi and VoWLAN activity, and in real-time to identify and
defend against MAC-layer attacks on that infrastructure.
Our plan includes three overlapping phases: research, prototype
development, and deployment on a large portion of Dartmouth's
campus-wide wireless network.

Measurement: we have developed novel and scalable techniques to
collect multi-channel MAC-layer traces of the wireless
environment, building on our wireless-measurement infrastructure. Our
independant and coordinated channel sampling strategies dynamically
adapt to current channel conditions. These are augmented by our refocusing
mechanism which takes input from the analysis engines to further improve
relevant frame capture.

Analysis: We have developed novel anomaly and signature detection
techniques. Our MAC spoofing detection algorithm is based on RSSI observed at
the air monitors.

Protection: we will develop a
policy-driven protection engine that leverages existing defense mechanisms;
the R&D challenge here is to integrate them into our analysis framework
and to evaluate the impact of automated defenses on well-behaved users in a
network.

Deployment

With our partner, Aruba Networks, we
will develop and deploy prototypes for testing in Phase 1-2, and
in the third phase we are deploying our prototypes across
Dartmouth' next-generation campus-wide WiFi network; this testbed
provides valuable data for the research team and valuable input
into Aruba's product pipeline.

Novelty

We plan significant, novel extensions to existing
technology; these techniques have never been applied to WiFi
networks, to VoWLAN applications, or at the scale necessary for
large deployment. Our integrated end-to-end MAP approach is new,
and our proposed campus-wide deployment is unprecedented in scope
and scale.

Our MAP approach provides a new foundation for wireless network
security, able to dynamically measure, analyze and protect a WiFi
network against existing and novel threats, including rogue
clients and access points, with a focus on VoWLAN use cases.